b75e65bcb1
Squashfs versioning: - ISO now contains filesystem-v<VERSION>.squashfs instead of the generic filesystem.squashfs, making it immediately visible which build is running (visible in /run/live/medium/live/ at boot time). - Full build path: rename filesystem.squashfs → filesystem-v*.squashfs after lb build, before lb binary_checksums/binary_iso. - Fast path: find and unpack whatever filesystem*.squashfs exists, repack as the new versioned name, remove the old file, update the ISO. - needs_full_build: accept any filesystem*.squashfs so version changes alone don't force a full rebuild. Media selection hardening: - Add live-media=/dev/disk/by-label/<LABEL> to the kernel boot line in addition to the existing live-media-label=<LABEL>. live-boot will now open exactly the labeled device rather than scanning all block devices, preventing accidental use of squashfs files from local disks or stale virtual media attached via IPMI. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
46 lines
1.8 KiB
Bash
Executable File
46 lines
1.8 KiB
Bash
Executable File
#!/bin/sh
|
|
# auto/config — live-build configuration for bee ISO
|
|
# Runs automatically when lb config is called.
|
|
# See: man lb_config
|
|
|
|
set -e
|
|
|
|
. "$(dirname "$0")/../VERSIONS"
|
|
|
|
# Pin the exact kernel ABI detected by build.sh so the ISO kernel matches
|
|
# the kernel headers used to compile NVIDIA modules. Falls back to meta-package
|
|
# when lb config is run manually without the environment variable.
|
|
if [ -n "${BEE_KERNEL_ABI:-}" ] && [ "${BEE_KERNEL_ABI}" != "auto" ]; then
|
|
LB_LINUX_PACKAGES="linux-image-${BEE_KERNEL_ABI}"
|
|
else
|
|
LB_LINUX_PACKAGES="linux-image"
|
|
fi
|
|
|
|
if [ -n "${BEE_ISO_VOLUME:-}" ]; then
|
|
LB_ISO_VOLUME="${BEE_ISO_VOLUME}"
|
|
else
|
|
LB_ISO_VOLUME="EASY_BEE_${BEE_GPU_VENDOR_UPPER:-NVIDIA}"
|
|
fi
|
|
|
|
lb config noauto \
|
|
--distribution bookworm \
|
|
--architectures amd64 \
|
|
--binary-images iso-hybrid \
|
|
--bootloaders "grub-efi,syslinux" \
|
|
--debian-installer none \
|
|
--archive-areas "main contrib non-free non-free-firmware" \
|
|
--mirror-bootstrap "http://mirror.mephi.ru/debian/" \
|
|
--mirror-chroot "http://mirror.mephi.ru/debian/" \
|
|
--mirror-binary "http://mirror.mephi.ru/debian/" \
|
|
--security true \
|
|
--linux-flavours "amd64" \
|
|
--linux-packages "${LB_LINUX_PACKAGES}" \
|
|
--memtest memtest86+ \
|
|
--iso-volume "${LB_ISO_VOLUME}" \
|
|
--iso-application "EASY-BEE-${BEE_GPU_VENDOR_UPPER:-NVIDIA}" \
|
|
--bootappend-live "boot=live live-media=/dev/disk/by-label/${LB_ISO_VOLUME} live-media-label=${LB_ISO_VOLUME} components video=1920x1080 console=ttyS0,115200n8 console=tty0 loglevel=3 systemd.show_status=1 username=bee user-fullname=Bee modprobe.blacklist=nouveau,snd_hda_intel,snd_hda_codec_realtek,snd_hda_codec_generic,soundcore" \
|
|
--debootstrap-options "--include=ca-certificates" \
|
|
--apt-recommends false \
|
|
--chroot-squashfs-compression-type zstd \
|
|
"${@}"
|